google-app-engine,authentication,google-plus,google-cloud-endpoints,google-plus-domains , Is it possible to use Google Cloud Endpoints built in authentication with Google+ Domains API?


Is it possible to use Google Cloud Endpoints built in authentication with Google+ Domains API?

Question:

Tag: google-app-engine,authentication,google-plus,google-cloud-endpoints,google-plus-domains

Google Cloud Endpoints has it's own authentication process in which the backend endpoint method is simply passed a com.google.appengine.api.users.User object.

https://cloud.google.com/appengine/docs/java/endpoints/auth

The Google+ Domains API specifies its own authentication process in order to get the com.google.api.client.auth.oauth2.Credential object. This allows for the building of the com.google.api.services.plusDomains.PlusDomain object.

https://developers.google.com/+/domains/authentication/

How would you integrate these two authentication processes? This is for a web app (Java Script) with a Google App Engine (Java) backend.

In an ideal situation, I would like to be able to retrieve the users bio/profile basic info via my JS app while the user is offline.

Use Case: I have a comment thread where each comment has an author persisted in the Google Datastore as a com.google.appengine.api.users.User object. However when I render the comment thread in my JS web app I would like to show a profile picture for each author. If I could make a call from the web app to retrieve the bio for each commenter I could save the backend a lot of work. The web app would have the user object as JSON. Which includes the user ID and email.


Answer:

So, your use-case is:

The solution: if your users were presented with an oauth flow that had them grant the scope required for the google+ API call (the profile scope) in addition to the regular endpoints "userinfo.profile" scope, it should be no problem to call the Google+ API, either from the JS client or from the Java back-end, using the Google API client libraries, after going through that flow to obtain the credentials.

In order to avoid re-authenticating them each time, you should serialize and store a credentials object from the language in question, or you could even simply keep track of the refresh token for their grant and go through the low-level OAuth dance to obtain a fresh access token (you'll probably want to do the former, as it does this for you).

As noted elsewhere on the web (in several other places as well), the userid from the User object is not the same as the Google+ profile id, so be aware of that when working with the endpoints method parameter User objects. You therefore won't be able to use the userid from the User object to call people.get.

Instead, you should store the Google+ profile ID of the user at the time that they first signed-in or at least went through the oauth flow that granted the necessary Google+ scope, alongside the User object you've already been using. You'll have to use the (de)serialized credentials objects or refresh/access tokens to call the Google+ API, once you retrieve the Google+ profile id from each user's data model in your storage (whatever solution you use, from Datastore to SQL, etc.)


Related:


Is it nessesarry to send credentials on every single request to MVC Web Api?


authentication,asp.net-web-api,web-api
I am about to create my first restfull web service where i chose MVC WEB API to be the "provider". After reading about authentication i am a little confused. My requirements is that on call to any url of webservice i want client to be authenticated, except sign in url....

python requests with redirection


python,authentication,redirect,curl,python-requests
Trying to authenticate on http://72.ru site, noticed that there were a redirect to https://loginka.ru/auth/. Found that there were 302 POST with plain credentials in data form. Copying headers from Chrome can reproduce that in cURL, but still can't reach in requests module. Warning: page is full of russian letters, registration...

shall I use Spring framework for a performance-critical proxy application? [closed]


java,spring,authentication,servlets
I've created a servlet (Tomcat) application which has these functions: It performs HTTP Basic Authentication. It connects to a user and role database. It works as "security facade" for some geodata servers behind It forwards requests after doing some authorization tests In case the response contains XML data, it performs...

Riak CS LDAP authentication


authentication,ldap,riak,riak-cs
I read here that Riak CS supports LDAP for authentication: http://bit.ly/1Rb2yTF "Pluggable Authentication/Authorization for Integration with Existing Infrastructure – Riak CS provides an extensible authentication system, enabling integration with existing directory services (LDAP, ActiveDirectory, NIS, PAM)." However I cannot find anything relating to the LDAP authentication configuration in the docs....

Getting user credentials using Google+ API


android,google-app-engine,google-api,google-api-java-client
I am trying to include Google sign in in my android application using Google+ Api. I am able to take account details from the user but once signed in I am getting null when requesting for username using call: Plus.PeopleApi.getCurrentPerson(mGoogleApiClient).getDisplayName() And Logcat shows: BasicNetwork.performRequest: Unexpected response code 403 for https://www.googleapis.com/plus/v1/people/me...

Using middleware to call an Authentication API using ExpressJS


angularjs,node.js,authentication,express
I'm using two Node.js + Express applications: Backend Authentication And my front-end is built in AngularJS Basically I'm trying to send a json web token with every request to the Backend, and then use a route middleware to call the Authentication API. It validates that token and add user data...

IllegalArgumentException: expected primitive class, but got: class UUID


android,google-app-engine,google-cloud-endpoints
My app is using GAE endpoints. My model has UUID. And once i try to send it Android app it encounters illegalArgument exception. Anyone has got recommendations how to handle endpoints model with UUID on android app with Google App Engine endpoints? 06-14 23:26:49.560 27462-27488/com.example E/AndroidRuntime﹕ FATAL EXCEPTION: AsyncTask #1...

GAE DOMDocument::load(): I/O warning : failed to load external entity


javascript,php,json,google-app-engine
I'm trying to move an existing webapp on GAE. At the moment the app is running on my local SDK. When the app perform a compatibility check, it returns an error (read by FIREBUG ): This is the code of the js who fails: function checkConfig(){ // Launch the configuration...

JQuery Add expiration to authentication token stored with HTML5 localStorage?


php,jquery,mysql,security,authentication
I am making a mobile game with JQuery Mobile, a multipage template (so all pages in 1 html file, which makes it usable with PhoneGap). Since it is HTML I am using JQuerys $.post function to send data to php scripts such as login.php, register.php, which add/update/delete data from the...

Google App Engine datastore: filter()


python,google-app-engine
I'm trying to retrieve an entry from Google App Engine's datastore using the filter() method as follows: result = Sender.all().filter("email =", email).filter("source_address =", source).filter("dest_address =", dest).filter("food_type =", food_type) Then, if such an entry exists, I change the value of one of the columns in that entry. Otherwise, I'm displaying an...

PostgreSQL: MD5 Authentication in pg_hba.conf gives me FATAL: Peer authentication failed for user “postgres”


postgresql,authentication,psql
I'm running Ubuntu 14.04 and installed PostgreSQL 9.3. Edited /etc/postgresql/9.3/main/pg_hba.conf as: # "local" is for Unix domain socket connections only local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 I restarted the server and now I'd like...

GAE Managed VMs: Possible to use C-based Python libraries with standard runtime?


python,google-app-engine
I'm building a background module for my app in Python 2.7, but it needs to use C-based external libraries such as OpenCV. While GAE only "directly" supports pure Python libraries, I understand that using a managed VM removes that constraint. What I'm not quite clear on, after reading the documentation,...

GAE webapp2 delete all UserTokens (drop all sessios) for specific user


python,google-app-engine,webapp2
I want to drop all user sessions when user resets his password, but I can't find a way to do that. My idea was to get all UserTokens of the specific user and delete them, but it seems impossible, because of user = model.StringProperty(required=True, indexed=False) in UserToken model Any ideas...

upload CSV file to database on Google app engine using Python


python,database,google-app-engine,csv,upload
I'm a newbie in python and started learning it from about a week. I was looking into couple of tasks one of which was to upload a file (.txt or .jpg) to a bucket on GAE. I was able to solve it by following couple of tutorials online, but i'm...

No module named _mysql - Google App Engine & Django


python,mysql,django,google-app-engine
First of all I'm working on Mac (Yosemite). I've created a simple Django project with Google App Engine. I'm using Cloud SQL in production and MySQL in development environment as recommended in the docs. The project uses virtualenv on my dev machine of course. I can run the project with...

X509Certificate: what is the difference between getIssuerDN() and getSubjectDN() methods


java,security,authentication,x509
I'm using X509Certificate class in java, and when I want to get the subject name I try: x509certificate.getIssuerDN().getName(); and x509certificate.getSubjectDN().getName(); both methods have the same result. So what is the difference between them ??...

App Engine - NDB query with projection requires subproperty?


google-app-engine,gae-datastore,app-engine-ndb,google-app-engine-python
I have the following objects: class Address(ndb.Model): type = ndb.StringProperty() # E.g., 'home', 'work' street = ndb.StringProperty() city = ndb.StringProperty() class Friend(ndb.Model): first_name = ndb.StringProperty() # E.g., 'home', 'work' last_name = ndb.StringProperty() class Contact(ndb.Model): name = ndb.StringProperty() addresses = ndb.StructuredProperty(Address, repeated=True) friends = ndb.StructuredProperty(Friend, repeated=True) And now to optimize the...

Scaling non-default version of Google App Engine Backend


python,google-app-engine
I have a live app that uses Google App Engine (python) for the backend. The app is pointing https://my-app.appspot.com. Because the API has changed significantly, I've set up a new version of the backend, 'v2', and am pointing the new app to https://v2.my-app.appspot.com. I see now in the docs, that...

Connecting to database using Windows Athentication


sql-server,vb.net,authentication,connection-string
I would like to use window authentication in my program to connect to my sql server. users already have certain permissions on the SQL server and I would like to leverage that in my program. The way I currently connect to the server is using this connection string. Dim ConnectionString...

Trying to download a file using Dropbox Java API in the GAE


java,google-app-engine
I have an XML file on Dropbox that I want to access from my Google App Engine using the Dropbox Java API. After a bit of playing around I find the GAE doesn't support FileOutputStream. FileOutputStream outputStream = new FileOutputStream("myFile.txt"); try { DbxEntry.File downloadedFile = client.getFile("/myFile.txt", null, outputStream); System.out.println("Metadata: "...

Do we HAVE to generate and use client libraries to use Google App Engine's Endpoints?


ios,swift,rest,google-app-engine,google-cloud-endpoints
I am currently developing an Swift iOS app with GAE Endpoints for the RESTful API. It seems like all the tutorials and documents make you generate and use client libraries if you need to use the API on the client side. I was wondering if it's possible for me to...

How can you get the Google+ Profile of the current user when using Google Cloud Endpoint's (Java) built in authentication?


google-app-engine,google-plus,google-cloud-endpoints
My Setup Backend: Google App Engine (Java) w/ Google Cloud Endpoints using Endpoint's built in authentication Frontend: AngularJS web app Problem I need to get the Google+ profile for my users. The keyword "me" can generally be used to get the current user's Google+ profile, however since all the authentication,...

Objectify - should I create an entity super class?


java,google-app-engine,objectify
Is there any reason why shouldn't all my entities be subclasses of one generic ModelEntity object? @Entity public class ModelEntity { @Id Long id; } @Subclass public class User extends ModelEntity { @Index String username; } The advantages are clear: there is code common to all entities (like id, date,...

Bluemix authentication ios8 with google and facebook


facebook,authentication,ios8,bluemix,google-authentication
I am trying to implement two types of authentication from an iOS8 device in the bluemix platform. I succeeded in adding one type of authentication: google. I am using a ADVANCED MOBILE ACCESS module, and I am at the User Authentication part. It looks from a dashboard like I can...

Authentication with OAuth and JWT but without OpenID Connect


session,authentication,oauth,authorization,openid-connect
I’m wondering if I really need OpenID Connect to provide authentication on top of OAuth2. It seems to me if I generate JWTs (JWE) as my access token and I store user claims, roles/permissions, etc. in the access token, then the OpenID Connect's id token isn't needed. Resource servers can...

What was I wrong when using Jersey Client to authenticate an Spring Security web application?


spring,authentication,jersey-client
I have a web application which is protected by Spring Security Login Form authentication. Now I want to use Jersey Client to authenticate to my web pages and I think I should pass through login form as I do on a normal browser. My client authentication code is as below...

serving GAE applications over http


java,google-app-engine,ssl
I have implemented an application on GAE which can be accessible through https://<my_app_id>.appspot.com. Now I have a custom domain registered with Register.com. As described in GAE documentation I have mapped my custom domain to https://<my_app_id>.appspot.com and I see my application getting served from my custom domain. But I see requests...

How to get public link for the uploaded file on google cloud storage in local dev server(Google App engine+JAVA)


java,google-app-engine,file-upload,google-cloud-platform
I am trying to upload the image files using gcs client library+java in local google app engine dev server. Images are uploaded successfully and i can see the entries created in local datastore under localhost:8888/_ah/admin/datastore How to get the public key for the uploaded images so that i can show...

Multi service with one-login authentication (Single sign-on)


authentication,login,single-sign-on,saml
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. (from wikipedia) now, I have more web service:...

Laravel 5: How to add Auth::user()->id through the constructor ?


authentication,laravel,constructor
I can get the ID of the authenticated user like this: Auth::user()->id = $id; Great it works, ... but I have a load of methods which need it and I want a cleaner way of adding it to the class as a whole,so I can just reference the $id in...

How to respond in Middleware Slim PHP Framework


php,rest,authentication,middleware,slim
I am creating middleware for auth into REST API. My API is created using Slim PHP Framework ,which in case provide great features to build APIs. One of this feature is Middleware. I need to check credentials in Middleware and respond with an error (HTTP code with JSON descriptions) to...

Simple token-like authentication


php,authentication,token
Does the following authentication system seem reasonable: Client calls the login end point with a user name and password to the main server. The main server sends this off to another authentication server (which will receive no further mention), which returns a yes/no if this is valid and a user...

Loopback Angular SDK response code 401 intercept


angularjs,authentication,loopback
I'm using the Angular Loopback SDK and am trying to implement a 401 handler that automatically detects when the user needs to authenticate. Loopback responds to a data request with a 401 and I use that to invoke a login dialog. Basically using the strategy described here - http://docs.strongloop.com/display/public/LB/AngularJS+JavaScript+SDK#AngularJSJavaScriptSDK-Handling401Unauthorized However,...

Web API Basic Auth inside an MVC app with Identity Auth


c#,authentication,asp.net-web-api,asp.net-mvc-5
So I have a C# MVC app using Identity for its authentication. I now have a need to expose a few things via Web API to some of my clients. Instead of building a separate app, project, deployment... I've simply added an API Controller to my existing project. To keep...

Rails basic auth not working properly


ruby-on-rails,ruby,authentication
I am building a small API that uses basic authentication. What I have done, is that a user can generate a username and password, that could be used to authenticate to the API. However I have discovered that it is not working 100% as intended. It appears that a request...

Client certificate authentication


authentication,ssl,https,ssl-certificate,x509
I am new to SSL and Certificates . I have been doing my research about client certificate authentication. I have read this and wiki. So If I have to implement a client certificate auth solution for my B2B REST service should I do following Ask clients to generate their own...

Google Appengine - Entity class is not enhanced


google-app-engine
If I change an Entity class in a an appengine project in eclipse, in run time I get this error Found Meta-Data for [classpath] but this class is not enhanced!! Please enhance the class before running DataNucleus. Even when I undo the changes and re-run the local srv i get...

Sending mail by Unauthorised sender in Google AppEngine


python,google-app-engine,email,sendmail
I've got a Google AppEngine Python application connected with my domain. I want to be able to send emails from any email, like: [email protected] So I use sendmail() and set mailobject.sender = "[email protected]", but it does not work. Also I made a receive function, but I don't want to receive...

Difference between django.contrib.auth.login and django.contrib.auth.views.login


django,authentication
What's the difference to use django.contrib.auth.login or django.contrib.auth.views.login? First in __init__.py and second in views.py I saw that code and it differs from each other. Same is with some other views, for example 'logout'. As I understand, django.contrib.auth.views.login is used when I want to redefine some parametrs of that view?

GAE Python PyML ImportError: No module named _ckernel


python,google-app-engine,pyml
I'm trying to import PyML on Google App Engine as a requirement for another library, however I am getting the following import error: File "/base/data/home/apps/s~myapp/uno.385079313378714244/PyML/__init__.py", line 4, in <module> from PyML.containers import * File "/base/data/home/apps/s~myapp/uno.385079313378714244/PyML/containers/__init__.py", line 3, in <module> VectorDataSet = __import__('PyML.containers.vectorDatasets', fromlist=['']).VectorDataSet File...

Designing an API on top of BigQuery


google-app-engine,bigdata,google-bigquery
I have an AppEngine app that tracks user various sorts of impression data across several websites. Currently we're gathering roughly 40 million records a month and the main BigQuery table is closing in on 15Gb in size after 6 weeks of gathering data and our estimates show that within 6...

How to enable multiple login tries in asp.net forms authentication?


c#,asp.net,asp.net-mvc,authentication
I have a MVC project with forms authentication. Basically it works fine: The user wants to access a controller with Authorize-Attribute and gets redirected to login-page if not authenticated. On redirect the parameter returnUrl gets forwarded as well. However, in case the first try of the login fails, the return...

viewing google app engine Python logging messages in CodeEnvy


python,google-app-engine,logging,cloud
I'm trying to move my GAE development to the cloud. So far Codeenvy has the richest toolset however I'm struggling with one small issue. when I use the python logging library I don't know where to view these messages! def post(self): self.response.write('Processing form data...') feedback = self.request.get('content') logging.info(feedback) I assumed...

MVC5 Login to custom Database


asp.net-mvc,authentication,login,asp.net-mvc-5,owin
What if you have your own database and a BAL (Business Access Layer) and don't want to use DefaultConnection and the template ASPNET database tables but my own user tables? How can you use a custom database? ConnectionString: public class AppDbContext : IdentityDbContext<AppUser> { public AppDbContext() : base("DefaultConnection") { }...

Association Error with Sorcery Gem in Rails


ruby-on-rails,ruby,authentication,gem,sorcery
I used Sorcery to set up authentication in Rails and I'm trying to create a model where the user id for the user is linked as reference to the model for data entered, but I get an error: Couldn't find User without an ID it refers to the following code:...

Third-party security providers like Google, Twitter etc. in ASP.Net


asp.net,authentication
I have created a standard ASP.Net web project in Visual Studio 2013 and enabled authentication. A class called 'StartupAuth.cs' is created auotmatically, with following lines. When the app runs on localhost dev server it throws an exception as pasted in screen shot below the code. I need to have it...

What is the equivalent of BlobstoreLineInputReader for targeting Google Cloud Storage?


python,google-app-engine,mapreduce,pipeline
This is a python appengine question, mapreduce library 1.9.21 . I have code writing lines to a blob in the local blobstore, then processing that using mapreduce BlobstoreLineInputReader. Given that the files api is going away, I thought I'd retarget all my processing to cloud storage. I would expect to...

jquery google app engine


jquery,google-app-engine
I have an issue where the Javascript file that I have uploaded does not work. My code is below. app.yaml has: - url: /js static_dir: /js index.html has: <script type="text/javascript" src="/js/script.js"></script> script.js has: $(document).ready(function(){ $('img').click(function(){ $(this).fadeOut('slow'); }); $('p').click(function(){ $(this).fadeOut('slow'); }); alert("hi"); }); and not even the alert comes out...

Error Hashing + Salt password


python,authentication,python-3.x,hash,salt
Someone can help me to fix this problem: TypeError: can't concat bytes to str I am trying to safely store hash+salt passwords, I think the problem is that my salt is a byte object how can I transform it into a string? Or is there a way to hash it...

GAE/P: Migrating to NDB efficiently


python,google-app-engine,app-engine-ndb
I'm finally upgrading from db to ndb (it is a much bigger headache than I anticipated...). I used a lot of ReferenceProperty and I've converted these to KeyProperty. Now, every place where I used a ReferenceProperty I need to add an explicit get because it was previously done for me...